diff options
author | Hannes Reinecke <hare@suse.de> | 2014-10-24 14:26:57 +0200 |
---|---|---|
committer | Christoph Hellwig <hch@lst.de> | 2014-11-12 11:16:03 +0100 |
commit | a9a47bf58ac1d5525ae99922e055d8de87eeae78 (patch) | |
tree | b6f3e5f7ed4879e19fb898774dcd2db8e6e3c43c /drivers/scsi/ch.c | |
parent | 2478a736a7d01e3ef8d273e8fc5b11b6ed9af3ea (diff) | |
download | op-kernel-dev-a9a47bf58ac1d5525ae99922e055d8de87eeae78.zip op-kernel-dev-a9a47bf58ac1d5525ae99922e055d8de87eeae78.tar.gz |
scsi: repurpose the last argument from print_opcode_name()
print_opcode_name() was only ever called with a '0' argument
from LLDDs and ULDs which were _not_ supporting variable length
CDBs, so the 'if' clause was never triggered.
Instead we should be using the last argument to specify
the cdb length to avoid accidental overflow when reading
the cdb buffer.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Robert Elliott <elliott@hp.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'drivers/scsi/ch.c')
-rw-r--r-- | drivers/scsi/ch.c | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/drivers/scsi/ch.c b/drivers/scsi/ch.c index 53621a3..226ef77 100644 --- a/drivers/scsi/ch.c +++ b/drivers/scsi/ch.c @@ -182,7 +182,7 @@ static int ch_find_errno(struct scsi_sense_hdr *sshdr) } static int -ch_do_scsi(scsi_changer *ch, unsigned char *cmd, +ch_do_scsi(scsi_changer *ch, unsigned char *cmd, int cmd_len, void *buffer, unsigned buflength, enum dma_data_direction direction) { @@ -196,7 +196,7 @@ ch_do_scsi(scsi_changer *ch, unsigned char *cmd, errno = 0; if (debug) { DPRINTK("command: "); - __scsi_print_command(cmd); + __scsi_print_command(cmd, cmd_len); } result = scsi_execute_req(ch->device, cmd, direction, buffer, @@ -257,7 +257,8 @@ ch_read_element_status(scsi_changer *ch, u_int elem, char *data) cmd[3] = elem & 0xff; cmd[5] = 1; cmd[9] = 255; - if (0 == (result = ch_do_scsi(ch, cmd, buffer, 256, DMA_FROM_DEVICE))) { + if (0 == (result = ch_do_scsi(ch, cmd, 12, + buffer, 256, DMA_FROM_DEVICE))) { if (((buffer[16] << 8) | buffer[17]) != elem) { DPRINTK("asked for element 0x%02x, got 0x%02x\n", elem,(buffer[16] << 8) | buffer[17]); @@ -287,7 +288,7 @@ ch_init_elem(scsi_changer *ch) memset(cmd,0,sizeof(cmd)); cmd[0] = INITIALIZE_ELEMENT_STATUS; cmd[1] = (ch->device->lun & 0x7) << 5; - err = ch_do_scsi(ch, cmd, NULL, 0, DMA_NONE); + err = ch_do_scsi(ch, cmd, 6, NULL, 0, DMA_NONE); VPRINTK(KERN_INFO, "... finished\n"); return err; } @@ -309,10 +310,10 @@ ch_readconfig(scsi_changer *ch) cmd[1] = (ch->device->lun & 0x7) << 5; cmd[2] = 0x1d; cmd[4] = 255; - result = ch_do_scsi(ch, cmd, buffer, 255, DMA_FROM_DEVICE); + result = ch_do_scsi(ch, cmd, 10, buffer, 255, DMA_FROM_DEVICE); if (0 != result) { cmd[1] |= (1<<3); - result = ch_do_scsi(ch, cmd, buffer, 255, DMA_FROM_DEVICE); + result = ch_do_scsi(ch, cmd, 10, buffer, 255, DMA_FROM_DEVICE); } if (0 == result) { ch->firsts[CHET_MT] = @@ -437,7 +438,7 @@ ch_position(scsi_changer *ch, u_int trans, u_int elem, int rotate) cmd[4] = (elem >> 8) & 0xff; cmd[5] = elem & 0xff; cmd[8] = rotate ? 1 : 0; - return ch_do_scsi(ch, cmd, NULL, 0, DMA_NONE); + return ch_do_scsi(ch, cmd, 10, NULL, 0, DMA_NONE); } static int @@ -458,7 +459,7 @@ ch_move(scsi_changer *ch, u_int trans, u_int src, u_int dest, int rotate) cmd[6] = (dest >> 8) & 0xff; cmd[7] = dest & 0xff; cmd[10] = rotate ? 1 : 0; - return ch_do_scsi(ch, cmd, NULL,0, DMA_NONE); + return ch_do_scsi(ch, cmd, 12, NULL,0, DMA_NONE); } static int @@ -484,7 +485,7 @@ ch_exchange(scsi_changer *ch, u_int trans, u_int src, cmd[9] = dest2 & 0xff; cmd[10] = (rotate1 ? 1 : 0) | (rotate2 ? 2 : 0); - return ch_do_scsi(ch, cmd, NULL,0, DMA_NONE); + return ch_do_scsi(ch, cmd, 12, NULL, 0, DMA_NONE); } static void @@ -534,7 +535,7 @@ ch_set_voltag(scsi_changer *ch, u_int elem, memcpy(buffer,tag,32); ch_check_voltag(buffer); - result = ch_do_scsi(ch, cmd, buffer, 256, DMA_TO_DEVICE); + result = ch_do_scsi(ch, cmd, 12, buffer, 256, DMA_TO_DEVICE); kfree(buffer); return result; } @@ -765,7 +766,8 @@ static long ch_ioctl(struct file *file, ch_cmd[5] = 1; ch_cmd[9] = 255; - result = ch_do_scsi(ch, ch_cmd, buffer, 256, DMA_FROM_DEVICE); + result = ch_do_scsi(ch, ch_cmd, 12, + buffer, 256, DMA_FROM_DEVICE); if (!result) { cge.cge_status = buffer[18]; cge.cge_flags = 0; |